Roles And Services; User Services; Crypto Officer Services - Cisco 2811 - Voice Security Bundle Router Operations

Router Physical Interface
Main Power Plug
Redundant Power Supply Plug
The CF card that stored the IOS image is considered an internal memory module. The reason is
the IOS image stored in the card cannot be modified or upgraded. The card itself must never be
removed from the drive. Tamper evident seal will be placed over the card in the drive.

2.3 Roles and Services

Authentication in Cisco 2811 and 2821 is role-based. There are two main roles in the router that
operators can assume: the Crypto Officer role and the User role. The administrator of the router
assumes the Crypto Officer role in order to configure and maintain the router using Crypto
Officer services, while the Users exercise only the basic User services. The module supports
RADIUS and TACACS+ for authentication. A complete description of all the management and
configuration capabilities of the router can be found in the Performing Basic System
Management manual and in the online help for the router.

2.3.1. User Services

Users enter the system by accessing the console port with a terminal program or via IPSec
protected telnet or SSH session to a LAN port. The IOS prompts the User for username and
password. If the password is correct, the User is allowed entry to the IOS executive program.
The services available to the User role consist of the following:
Status Functions
Network Functions
Terminal Functions
Directory Services
SSL-TLS/VPN
EASY VPN

2.3.2 Crypto Officer Services

During initial configuration of the router, the Crypto Officer password (the "enable" password) is
defined. A Crypto Officer can assign permission to access the Crypto Officer role to additional
accounts, thereby creating additional Crypto Officers.
The Crypto Officer role is responsible for the configuration and maintenance of the router.
The Crypto Officer services consist of the following:
© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
FIPS 140-2 Logical Interface
Power Interface
Table 8 – 2821 FIPS 140-2 Logical Interfaces
View state of interfaces and protocols, version of IOS currently
running.
Connect to other network devices through outgoing telnet, PPP, etc.
and initiate diagnostic network services (i.e., ping, mtrace).
Adjust the terminal session (e.g., lock the terminal, adjust flow
control).
Display directory of files kept in flash memory.
Negotiation and encrypted data transport via SSL/TLS.
Negotiation and encrypted data transport via EASY VPN.
12